Developing Your Company’s BYOD (Bring Your Own Device to Work) Policy
There was a time not that long ago, when every human being around you wasn’t carrying a cell phone, when a child of 12 didn’t assume that he/she was entitled to the latest and greatest device, or when, if given a cell phone (or a beeper) by an employer, employees understood that they had to follow certain rules. Of course, as personal cell phone use grew, it meant that, more and more, people were carrying around multiple devices, and given the size of many smartphones these days, that would be rather burdensome.
Today most employers realize that allowing employees to use their own phones and other devices for business is a benefit for both sides, but it can also be problematic. If the employer chooses to pay for a portion of the monthly cellphone bill, does this make the device a “company” asset? Does the company have any control over it at all? Some companies have taken that approach and demand the right to use the GPS application in a privately owned phone to track employees’ whereabouts, especially if these people spend time on the road.
Perhaps more importantly, personal privacy as well as corporate security issues can arise when these devices are synched to the employer’s network. Larger firms often have BYOD (Bring Your Own Device) to work policies, but smaller companies, as often as not, will leave it to chance. Surveys of this size business prove the point: 88% of employees are doing at least some business on their own devices, indicating the potential for disastrous consequences, yet only 17% of these companies have a BYOD policies to deal with the situation. Another 29% have plans to implement BYOD security protocols in the future, but experience tells us that, ultimately, many of these plans will never be executed.
We believe this is important enough to share with you some guidelines for establishing your company’s own policy. Smartphones can be hacked and they can provide cyber crime entry into your IT infrastructure. We encourage you to do it now, not after your first cyber security attack or data loss. These are our suggestions:
1: First of all, your company’s BYOD policies should be in writing. In smaller companies, it is not unusual for policies like this to be verbal and never be committed to “paper”. In today’s work-world, with telecommuting and the use of home office equipment becoming commonplace, clearing defining employee responsibilities and employer rights is critical.
2: Allowed Devices: Clearly define what devices you will allow employees to use for work.
3: Data Deletion: You must be able to delete any and all company data on a remote basis without the owner’s permission. With the right mobile device management application, this is not at all difficult to accomplish, and you can do so while leaving the device’s owner’s contacts, personal photos, music, etc., untouched.
4: Employee privacy: People who use their devices for work must understand that while you have no desire to intrude on their personal lives, your access to these devices might also give you access to their images, email, texts and other information residing in these devices. As an employer, you have an obligation to protect the privacy of your employees, as well as protecting your company.
5: Tracking: As we stated above, some organizations use the GPS tracking applications within their employees’ smartphones to track their daily progress. When this fits into your business plans, this must be fully understood by the employee and, again, you have a duty to protect privacy.
We strongly encourage you to start the process of creating your own company BYOD to Work policy. If you need some assistance, please give us a call. 777.569.4600